<?php
  session_start();

$_SESSION['!bla'] = '|xxx|O:10:"evilObject":0:{}';

var_dump($_SESSION);

var_dump(session_encode());

session_decode(session_encode());

var_dump($_SESSION);
